From ad21bc852b52b10be81f3839b3b103a60134734c Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Thu, 20 Jan 2022 22:37:12 +0100 Subject: Process NFUs --- data/CVE/list | 82 +++++++++++++++++++++++++++++------------------------------ 1 file changed, 41 insertions(+), 41 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index d79b4c506b..514d3790e4 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -855,23 +855,23 @@ CVE-2022-0287 CVE-2022-0286 RESERVED CVE-2022-0285 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...) - TODO: check + NOT-FOR-US: pimcore CVE-2022-0284 RESERVED CVE-2022-0283 RESERVED CVE-2022-0282 (Code Injection in Packagist microweber/microweber prior to 1.2.11. ...) - TODO: check + NOT-FOR-US: microweber CVE-2022-0281 (Exposure of Sensitive Information to an Unauthorized Actor in Packagis ...) - TODO: check + NOT-FOR-US: microweber CVE-2022-0280 RESERVED CVE-2022-0279 RESERVED CVE-2022-0278 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...) - TODO: check + NOT-FOR-US: microweber CVE-2022-0277 (Improper Access Control in Packagist microweber/microweber prior to 1. ...) - TODO: check + NOT-FOR-US: microweber CVE-2021-46401 RESERVED CVE-2021-46400 @@ -1738,7 +1738,7 @@ CVE-2021-45729 CVE-2021-44779 RESERVED CVE-2021-44777 (Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-44760 RESERVED CVE-2021-4207 @@ -4527,7 +4527,7 @@ CVE-2021-46106 CVE-2021-46105 RESERVED CVE-2021-46104 (An issue was discovered in webp_server_go 0.4.0. There is a directory ...) - TODO: check + NOT-FOR-US: webp_server_go CVE-2021-46103 RESERVED CVE-2021-46102 
@@ -4721,13 +4721,13 @@ CVE-2021-46030 (There is a Cross Site Scripting attack (XSS) vulnerability in Ja CVE-2021-46029 RESERVED CVE-2021-46028 (In mblog <= 3.5.0 there is a CSRF vulnerability in the background a ...) - TODO: check + NOT-FOR-US: mblog CVE-2021-46027 (mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the backgro ...) - TODO: check + NOT-FOR-US: mysiteforme CVE-2021-46026 (mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting ( ...) - TODO: check + NOT-FOR-US: mysiteforme CVE-2021-46025 (A Cross SIte Scripting (XSS) vulnerability exists in OneBlog <= 2.2 ...) - TODO: check + NOT-FOR-US: OneBlog CVE-2021-46024 RESERVED CVE-2021-46023 @@ -8983,7 +8983,7 @@ CVE-2021-44831 CVE-2021-44830 RESERVED CVE-2021-44829 (Cross Site Scripting (XSS) vulnerability exists in index.html in AFI W ...) - TODO: check + NOT-FOR-US: AFI WebACMS CVE-2021-44828 (Arm Mali GPU Kernel Driver (Midgard r26p0 through r30p0, Bifrost r0p0 ...) NOT-FOR-US: ARM CVE-2021-44827 @@ -9316,15 +9316,15 @@ CVE-2021-XXXX [Rainloop stores passwords in cleartext in logfile] [buster] - rainloop (Minor issue) NOTE: https://github.com/RainLoop/rainloop-webmail/issues/1872 CVE-2021-44738 (Buffer overflow vulnerability has been identified in Lexmark devices t ...) - TODO: check + NOT-FOR-US: Lexmark CVE-2021-44737 (PJL directory traversal vulnerability in Lexmark devices through 2021- ...) - TODO: check + NOT-FOR-US: Lexmark CVE-2021-44736 (The initial admin account setup wizard on Lexmark devices allow unauth ...) - TODO: check + NOT-FOR-US: Lexmark CVE-2021-44735 (Embedded web server command injection vulnerability in Lexmark devices ...) - TODO: check + NOT-FOR-US: Lexmark CVE-2021-44734 (Embedded web server input sanitization vulnerability in Lexmark device ...) - TODO: check + NOT-FOR-US: Lexmark CVE-2021-44733 (A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem ...) - linux [stretch] - linux (Vulnerable code not present) 
@@ -10619,9 +10619,9 @@ CVE-2021-44247 CVE-2021-44246 RESERVED CVE-2021-44245 (An SQL Injection vulnerability exists in Courcecodester COVID 19 Testi ...) - TODO: check + NOT-FOR-US: Courcecodester COVID 19 Testing Management System (CTMS) CVE-2021-44244 (An SQL Injection vulnerabiity exists in Sourcecodester Logistic Hub Pa ...) - TODO: check + NOT-FOR-US: Sourcecodester Logistic Hub Parcel's Management System CVE-2021-44243 RESERVED CVE-2021-44242 @@ -11175,11 +11175,11 @@ CVE-2021-44094 (ZrLog 2.2.2 has a remote command execution vulnerability at plug CVE-2021-44093 (A Remote Command Execution vulnerability on the background in zrlog 2. ...) NOT-FOR-US: zrlog CVE-2021-44092 (An SQL Injection vulnerability exists in code-projects Pharmacy Manage ...) - TODO: check + NOT-FOR-US: code-projects Pharmacy Management CVE-2021-44091 (A Cross-Site Scripting (XSS) vulnerability exists in Courcecodester Mu ...) - TODO: check + NOT-FOR-US: Courcecodester Multi Restaurant Table Reservation System CVE-2021-44090 (An SQL Injection vulnerability exists in Sourcecodester Online Reviewe ...) - TODO: check + NOT-FOR-US: Sourcecodester Online Reviewer System CVE-2021-44089 RESERVED CVE-2021-44088 @@ -11673,7 +11673,7 @@ CVE-2022-21703 CVE-2022-21702 RESERVED CVE-2022-21701 (Istio is an open platform to connect, manage, and secure microservices ...) - TODO: check + NOT-FOR-US: Istio CVE-2022-21700 (Micronaut is a JVM-based, full stack Java framework designed for build ...) TODO: check CVE-2022-21699 (IPython (Interactive Python) is a command shell for interactive comput ...) 
@@ -11732,7 +11732,7 @@ CVE-2022-21681 (Marked is a markdown parser and compiler. Prior to version 4.0.1 CVE-2022-21680 (Marked is a markdown parser and compiler. Prior to version 4.0.10, the ...) TODO: check CVE-2022-21679 (Istio is an open platform to connect, manage, and secure microservices ...) - TODO: check + NOT-FOR-US: Istio CVE-2022-21678 (Discourse is an open source discussion platform. Prior to version 2.8. ...) NOT-FOR-US: Discourse CVE-2022-21677 (Discourse is an open source discussion platform. Discourse groups can ...) @@ -14463,7 +14463,7 @@ CVE-2021-43271 CVE-2021-43270 (Datalust Seq.App.EmailPlus (aka seq-app-htmlemail) 3.1.0-dev-00148, 3. ...) NOT-FOR-US: Datalust Seq.App.HtmlEmail (aka Seq.App.EmailPlus) CVE-2021-43269 (In Code42 app before 8.8.0, eval injection allows an attacker to chang ...) - TODO: check + NOT-FOR-US: Code42 app CVE-2021-43268 (An issue was discovered in VxWorks 6.9 through 7. In the IKE component ...) NOT-FOR-US: Wind River VxWorks CVE-2021-43266 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting col ...) @@ -19702,7 +19702,7 @@ CVE-2021-42010 CVE-2021-42009 (An authenticated Apache Traffic Control Traffic Ops user with Portal-l ...) NOT-FOR-US: Apache Traffic Control CVE-2021-3862 (icecoder is vulnerable to Improper Neutralization of Input During Web ...) - TODO: check + NOT-FOR-US: icecoder CVE-2021-3861 RESERVED CVE-2021-3860 (JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vul ...) 
@@ -19793,7 +19793,7 @@ CVE-2021-41974 (Tad Book3 editing book page does not perform identity verificati CVE-2021-3858 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...) NOT-FOR-US: snipe-it CVE-2021-3857 (chaskiq is vulnerable to Improper Neutralization of Input During Web P ...) - TODO: check + NOT-FOR-US: chaskiq CVE-2021-41973 (In Apache MINA, a specifically crafted, malformed HTTP request may cau ...) NOT-FOR-US: Apache MINA CVE-2021-41972 (Apache Superset up to and including 1.3.1 allowed for database connect ...) @@ -20026,7 +20026,7 @@ CVE-2021-41867 (An information disclosure vulnerability in OnionShare 2.3 before CVE-2021-41866 (MyBB before 1.8.28 allows stored XSS because the displayed Template Na ...) NOT-FOR-US: MyBB CVE-2021-3853 (chaskiq is vulnerable to Improper Neutralization of Input During Web P ...) - TODO: check + NOT-FOR-US: chaskiq CVE-2021-3852 (growi is vulnerable to Authorization Bypass Through User-Controlled Ke ...) TODO: check CVE-2021-41865 (HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authe ...) @@ -35236,15 +35236,15 @@ CVE-2021-35689 CVE-2021-35688 RESERVED CVE-2021-35687 (Vulnerability in the Oracle Financial Services Analytical Applications ...) - TODO: check + NOT-FOR-US: Oracle CVE-2021-35686 (Vulnerability in the Oracle Financial Services Analytical Applications ...) - TODO: check + NOT-FOR-US: Oracle CVE-2021-35685 RESERVED CVE-2021-35684 RESERVED CVE-2021-35683 (Vulnerability in the Oracle Essbase Administration Services product of ...) - TODO: check + NOT-FOR-US: Oracle CVE-2021-35682 RESERVED CVE-2021-35681 
@@ -35447,7 +35447,7 @@ CVE-2021-35588 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition {DLA-2814-1} - openjdk-8 8u312-b07-1 CVE-2021-35587 (Vulnerability in the Oracle Access Manager product of Oracle Fusion Mi ...) - TODO: check + NOT-FOR-US: Oracle CVE-2021-35586 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1} - openjdk-17 17.0.1+12-1 @@ -37143,7 +37143,7 @@ CVE-2021-34860 (This vulnerability allows network-adjacent attackers to disclose CVE-2021-34859 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: TeamViewer CVE-2021-34858 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: TeamViewer CVE-2021-34857 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: Parallels Desktop CVE-2021-34856 (This vulnerability allows local attackers to escalate privileges on af ...) @@ -37755,7 +37755,7 @@ CVE-2021-34602 CVE-2021-34601 RESERVED CVE-2021-34600 (Telenot CompasX versions prior to 32.0 use a weak seed for random numb ...) - TODO: check + NOT-FOR-US: Telenot CompasX CVE-2021-34599 (Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack ce ...) NOT-FOR-US: CODESYS CVE-2021-34598 (In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 an ...) @@ -41530,7 +41530,7 @@ CVE-2021-33042 CVE-2021-33041 (vmd through 1.34.0 allows 'div class="markdown-body"' XSS, as demonstr ...) NOT-FOR-US: vmd CVE-2021-33040 (managers/views/iframe.js in FuturePress EPub.js before 0.3.89 allows X ...) - TODO: check + NOT-FOR-US: FuturePress EPub.js CVE-2021-33039 RESERVED CVE-2021-33038 (An issue was discovered in management/commands/hyperkitty_import.py in ...) 
@@ -44684,7 +44684,7 @@ CVE-2021-31855 (KDE Messagelib through 5.17.0 reveals cleartext of encrypted mes NOTE: https://kde.org/info/security/advisory-20210429-1.txt NOTE: https://commits.kde.org/messagelib/3b5b171e91ce78b966c98b1292a1bcbc8d984799 CVE-2021-31854 (A command Injection Vulnerability in McAfee Agent (MA) for Windows pri ...) - TODO: check + NOT-FOR-US: McAfee CVE-2021-31853 (DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (M ...) NOT-FOR-US: McAfee CVE-2021-31852 (A Reflected Cross-Site Scripting vulnerability in McAfee Policy Audito ...) @@ -51759,7 +51759,7 @@ CVE-2021-29217 CVE-2021-29216 RESERVED CVE-2021-29215 (A potential security vulnerability in HPE Ezmeral Data Fabric that may ...) - TODO: check + NOT-FOR-US: HPE CVE-2021-29214 (A security vulnerability has been identified in HPE StoreServ Manageme ...) NOT-FOR-US: HPE CVE-2021-29213 (A potential local bypass of security restrictions vulnerability has be ...) @@ -64895,7 +64895,7 @@ CVE-2021-23845 (This vulnerability could allow an attacker to hijack a session w CVE-2021-23844 RESERVED CVE-2021-23843 (The Bosch software tools AccessIPConfig.exe and AmcIpConfig.exe are us ...) - TODO: check + NOT-FOR-US: Bosch CVE-2021-23842 (Communication to the AMC2 uses a state-of-the-art cryptographic algori ...) TODO: check CVE-2021-23841 (The OpenSSL public API function X509_issuer_and_serial_hash() attempts ...) @@ -87696,7 +87696,7 @@ CVE-2020-27430 CVE-2020-27429 RESERVED CVE-2020-27428 (A DOM-based cross-site scripting (XSS) vulnerability in Scratch-Svg-Re ...) - TODO: check + NOT-FOR-US: Scratch-Svg-Renderer CVE-2020-27427 RESERVED CVE-2020-27426 @@ -108498,7 +108498,7 @@ CVE-2020-18079 CVE-2020-18078 (A vulnerability in /include/web_check.php of SEMCMS v3.8 allows attack ...) NOT-FOR-US: SEMCMS CVE-2020-18077 (A buffer overflow vulnerability in the Virtual Path Mapping component ...) - TODO: check + NOT-FOR-US: FTPShell Server CVE-2020-18076 RESERVED CVE-2020-18075 
@@ -118393,7 +118393,7 @@ CVE-2020-14112 CVE-2020-14111 RESERVED CVE-2020-14110 (AX3600 router sensitive information leaked.There is an unauthorized in ...) - TODO: check + NOT-FOR-US: AX3600 router CVE-2020-14109 (There is command injection in the meshd program in the routing system, ...) NOT-FOR-US: Xiaomi CVE-2020-14108 -- cgit v1.2.3
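Review bot: In the @@ -1738,7 hunk, the new line for CVE-2021-44777 reads `NOT-FOR-US: WordPress plugin`, which is less specific than every other NOT-FOR-US line in this change (each of those names the affected product, e.g. `NOT-FOR-US: microweber`). The truncated description visible here does not show the plugin name either, so please put it in the tag (e.g. `NOT-FOR-US: <plugin name> WordPress plugin`) so the entry can later be found by grepping for the plugin rather than only for "WordPress".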
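Review bot: In the @@ -10619,9 hunk, CVE-2021-44245 is tagged `NOT-FOR-US: Courcecodester COVID 19 Testing Management System (CTMS)` while the entry directly below, CVE-2021-44244, uses `Sourcecodester`. The first spelling is copied verbatim from the CVE description, but it looks like a misspelling of the same vendor name; using `Sourcecodester` in both tags keeps the NOT-FOR-US lines searchable under one vendor string.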
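Review bot: In the @@ -11175,11 hunk the same spelling split recurs: CVE-2021-44091 gets `NOT-FOR-US: Courcecodester Multi Restaurant Table Reservation System` while CVE-2021-44090 right below it gets `NOT-FOR-US: Sourcecodester Online Reviewer System`; consider normalising to `Sourcecodester` here as well.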
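Review bot: In the @@ -108498,7 hunk, CVE-2020-18077 is changed to `NOT-FOR-US: FTPShell Server`, but the visible description ("A buffer overflow vulnerability in the Virtual Path Mapping component ...") is cut off before any product name, so the attribution cannot be checked from the hunk itself. Worth confirming against the full CVE text that the affected product really is FTPShell Server before landing this, since a wrong NOT-FOR-US tag silently removes the issue from the triage queue.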
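Review bot: In the @@ -118393,7 hunk, CVE-2020-14110 gets `NOT-FOR-US: AX3600 router` while the adjacent CVE-2020-14109, another router issue in the same block, is tagged `NOT-FOR-US: Xiaomi`. If the AX3600 is that vendor's router, tagging it `NOT-FOR-US: Xiaomi AX3600 router` (vendor first, as in the neighbouring entry) keeps both entries findable under the vendor name.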